811f17cb1e3e1bf202c254d755f3b00a3289366db84ca61ebef786f9397755e0

Resubmissions

28/03/2025, 09:45

250328-lq2j9at1bz 8

28/03/2025, 09:41

250328-lnyetawnt5 3

Analysis

max time kernel
95s
max time network
67s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

_Silent Install.cmd
Size

1KB
MD5

dc692760fdb24d67353a58c978e14740
SHA1

d1865b64d93aa24055c39cda5b1803b550bd8155
SHA256

06d6f2f798d29a5af31b44f5c48f4c34779eb20fced3e2c6ff5170b78a92f301
SHA512

d73c7c6083788ef04d14bfbffd5d9f5d7c73942c5bde965dcf0967223b4d0a4d2d2d00a408ccc7c414b0f215f61fc038d0523a1c9a0aee33cf2b789cc99f6cb3

Score

8^/10

defense_evasion discovery execution persistence privilege_escalation spyware stealer

Malware Config

Signatures

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002

Modifies Windows Firewall 2 TTPs 3 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1548	netsh.exe
5112	netsh.exe
1944	netsh.exe

Executes dropped EXE 5 IoCs

pid	Process
5812	Avira Phantom VPN 2.44.1.19908.tmp
440	Avira.VpnService.exe
6112	Avira.WebAppHost.exe
5352	Avira.NetworkBlocker.exe
2820	Avira.WebAppHost.exe

Loads dropped DLL 4 IoCs

pid	Process
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Checks for any installed AV software in registry 1 TTPs 1 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Security\Benchmark	Avira.VpnService.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Avira\VPN\ServiceStack.Text.dll	Avira Phantom VPN 2.44.1.19908.tmp
File opened for modification	C:\Program Files (x86)\Avira\VPN\Avira.VPN.Core.dll	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-J1DM2.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-9F971.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-5IDQ9.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\fonts\is-EC14S.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-9FIF2.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-OGQIE.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-SKN9Q.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-BAFMQ.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File opened for modification	C:\Program Files (x86)\Avira\VPN\OpenVpn\TAP\win10\amd64\tapinstall.exe	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\is-N5MKP.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-JM1SH.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-B43CL.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\Templates\is-6RHPF.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\is-HQORB.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-P6IDM.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-13OMB.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-MTLHT.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-9CTP4.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-EF211.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-9MLU8.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\is-UCCNA.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-GC012.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-8GF6C.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\OpenVpn\TAP\win7\i386\is-VDAAV.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\ru-RU\is-JESV3.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File opened for modification	C:\Program Files (x86)\Avira\VPN\OpenVpn\libcrypto-1_1.dll	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-7MMLC.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-R4PKH.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-BDVN2.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-E468A.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-V74NV.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\is-CEM6D.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-09VI0.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-JFNP5.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-G06R4.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-VFK72.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\is-LM9A6.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-E4E2R.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-GSAJP.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\OpenVpn\is-6I3CG.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\OpenVpn\TAP\win10\i386\is-A0E4F.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File opened for modification	C:\Program Files (x86)\Avira\VPN\VPN.Core.dll	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-U6TPP.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-T2GF9.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-UOCIA.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-2IJTN.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-MLVC0.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\fonts\is-GGDF6.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-CDBGU.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-UBAFJ.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-STC58.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-F6PMU.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\Templates\is-BO2J8.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\Templates\is-1DQRM.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-7H206.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-6JNPU.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\OpenVpn\TAP\win7\amd64\is-N0DA1.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\views\directives\is-LKUMI.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-4S27R.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\OpenVpn\is-RK44O.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-HQQ6F.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\OpenVpn\TAP\win10\amd64\is-UP2DG.tmp	Avira Phantom VPN 2.44.1.19908.tmp

Launches sc.exe 3 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1916	sc.exe
5452	sc.exe
2744	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avira Phantom VPN 2.44.1.19908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avira.NetworkBlocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avira Phantom VPN 2.44.1.19908.tmp

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Avira.VpnService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Avira.VpnService.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	Avira.VpnService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	Avira.VpnService.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	Avira.VpnService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Avira.VpnService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	Avira.VpnService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	Avira.VpnService.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\vpnclient = "a065983eaaef4081b7827e5346767726c9d28215"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\machine = "31d25cabacb341f8af7822fc162a5d1673b63075"	Avira.VpnService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\vpnclient = "14b6ab18c9fb46928db09a1541dc17d540a668df"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\telemetry = "d86910df45884381b25eda9e5566f06ec1bdec54"	Avira.WebAppHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}	Avira.VpnService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\vpnclient = "a20ea88e919a43f48b1b1468bc7d38bf7bc613bc"	Avira.VpnService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\telemetry = "5ca01b6f88ab4b458263cc9d5fb886d04a304623"	Avira.VpnService.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
440	Avira.VpnService.exe
6112	Avira.WebAppHost.exe
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	440	Avira.VpnService.exe
Token: SeDebugPrivilege	6112	Avira.WebAppHost.exe
Token: SeDebugPrivilege	2820	Avira.WebAppHost.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
5812	Avira Phantom VPN 2.44.1.19908.tmp
2820	Avira.WebAppHost.exe
2820	Avira.WebAppHost.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2820	Avira.WebAppHost.exe
2820	Avira.WebAppHost.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
5812	Avira Phantom VPN 2.44.1.19908.tmp
2820	Avira.WebAppHost.exe
2820	Avira.WebAppHost.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 3152	3700	cmd.exe	79
PID 3700 wrote to memory of 3152	3700	cmd.exe	79
PID 3700 wrote to memory of 3152	3700	cmd.exe	79
PID 3152 wrote to memory of 5812	3152	Avira Phantom VPN 2.44.1.19908.exe	80
PID 3152 wrote to memory of 5812	3152	Avira Phantom VPN 2.44.1.19908.exe	80
PID 3152 wrote to memory of 5812	3152	Avira Phantom VPN 2.44.1.19908.exe	80
PID 5812 wrote to memory of 2636	5812	Avira Phantom VPN 2.44.1.19908.tmp	81
PID 5812 wrote to memory of 2636	5812	Avira Phantom VPN 2.44.1.19908.tmp	81
PID 5812 wrote to memory of 2636	5812	Avira Phantom VPN 2.44.1.19908.tmp	81
PID 2636 wrote to memory of 1612	2636	net.exe	83
PID 2636 wrote to memory of 1612	2636	net.exe	83
PID 2636 wrote to memory of 1612	2636	net.exe	83
PID 5812 wrote to memory of 1916	5812	Avira Phantom VPN 2.44.1.19908.tmp	84
PID 5812 wrote to memory of 1916	5812	Avira Phantom VPN 2.44.1.19908.tmp	84
PID 5812 wrote to memory of 1916	5812	Avira Phantom VPN 2.44.1.19908.tmp	84
PID 5812 wrote to memory of 5452	5812	Avira Phantom VPN 2.44.1.19908.tmp	86
PID 5812 wrote to memory of 5452	5812	Avira Phantom VPN 2.44.1.19908.tmp	86
PID 5812 wrote to memory of 5452	5812	Avira Phantom VPN 2.44.1.19908.tmp	86
PID 5812 wrote to memory of 2744	5812	Avira Phantom VPN 2.44.1.19908.tmp	88
PID 5812 wrote to memory of 2744	5812	Avira Phantom VPN 2.44.1.19908.tmp	88
PID 5812 wrote to memory of 2744	5812	Avira Phantom VPN 2.44.1.19908.tmp	88
PID 5812 wrote to memory of 1548	5812	Avira Phantom VPN 2.44.1.19908.tmp	92
PID 5812 wrote to memory of 1548	5812	Avira Phantom VPN 2.44.1.19908.tmp	92
PID 5812 wrote to memory of 1548	5812	Avira Phantom VPN 2.44.1.19908.tmp	92
PID 5812 wrote to memory of 1944	5812	Avira Phantom VPN 2.44.1.19908.tmp	93
PID 5812 wrote to memory of 1944	5812	Avira Phantom VPN 2.44.1.19908.tmp	93
PID 5812 wrote to memory of 1944	5812	Avira Phantom VPN 2.44.1.19908.tmp	93
PID 5812 wrote to memory of 5112	5812	Avira Phantom VPN 2.44.1.19908.tmp	94
PID 5812 wrote to memory of 5112	5812	Avira Phantom VPN 2.44.1.19908.tmp	94
PID 5812 wrote to memory of 5112	5812	Avira Phantom VPN 2.44.1.19908.tmp	94
PID 440 wrote to memory of 5352	440	Avira.VpnService.exe	101
PID 440 wrote to memory of 5352	440	Avira.VpnService.exe	101
PID 440 wrote to memory of 5352	440	Avira.VpnService.exe	101

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_Silent Install.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Users\Admin\AppData\Local\Temp\Avira Phantom VPN 2.44.1.19908.exe
  "Avira Phantom VPN 2.44.1.19908.exe" /SILENT
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3152
- - C:\Users\Admin\AppData\Local\Temp\is-8LMM0.tmp\Avira Phantom VPN 2.44.1.19908.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-8LMM0.tmp\Avira Phantom VPN 2.44.1.19908.tmp" /SL5="$8006A,6139874,64512,C:\Users\Admin\AppData\Local\Temp\Avira Phantom VPN 2.44.1.19908.exe" /SILENT
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5812
  - - C:\Windows\SysWOW64\net.exe
      "net" stop "AviraPhantomVPN"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "AviraPhantomVPN"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" create "AviraPhantomVPN" binPath= "C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe" start= auto error= ignore DisplayName= "Avira Phantom VPN"
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:1916
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" description "AviraPhantomVPN" "AviraPhantomVPN"
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:5452
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc.exe" start "AviraPhantomVPN"
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:2744
  - - C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="Avira Phantom VPN"
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      System Location Discovery: System Language Discovery
      PID:1548
  - - C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="Avira Phantom VPN" program="C:\Program Files (x86)\Avira\VPN\OpenVpn\phantomvpn.exe" dir=in enable=yes profile=any action=allow
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      System Location Discovery: System Language Discovery
      PID:1944
  - - C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="Avira Phantom VPN" program="C:\Program Files (x86)\Avira\VPN\OpenVpn\phantomvpn.exe" dir=out enable=yes profile=any action=allow
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      System Location Discovery: System Language Discovery
      PID:5112

C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
"C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe"
1⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:440
- C:\Program Files (x86)\Avira\VPN\Avira.NetworkBlocker.exe
  "C:\Program Files (x86)\Avira\VPN\Avira.NetworkBlocker.exe" delete
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5352

C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
"C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe" /migrateSettings
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6112

C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
"C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Avira\VPN\App\css\vpn-1.0.0.min.css

Filesize
61KB

MD5
ce81ba3abcd5c48c382d5865c6d74357

SHA1
f20c01e18d208d1c23c3a46dfd4d2c3dbed23664

SHA256
2d59cde155d35fdcac02506b31f5c636c24d3994f2e5f00e59374145ee54d4ff

SHA512
da936bf3ebf9290a5e3cfb3c9811b122d1738bafd473309f9f1821852e9644705e8f4e9e4948c3531c16b84703fc766447c25786ac93d98cdeb9cc8f93c60f36

Download Submit
C:\Program Files (x86)\Avira\VPN\App\css\vpn-vendor-1.0.0.min.css

Filesize
50KB

MD5
3e010afca2c5420d1793cd51ede3ea14

SHA1
190f42c1d34aa8de83939619df0440401b01f869

SHA256
7146bb2cd47b3bf090b202cd88c53467318f534c5f4e079c1ac3bf7be56f485f

SHA512
01b6062081c22503c24ef8cc55f5ecbd089ff36f102d35a9a1b919a4ab7851f69d59929e69579fc9d647a98d22b44720d758f0d838b8b8eed6e650322c21c475

Download Submit
C:\Program Files (x86)\Avira\VPN\App\fonts\KievitWeb-Light.woff

Filesize
54KB

MD5
a8a9d6aaf9f3940badc66e2a2aa21047

SHA1
8d2cd2f4fd9fd36f19033c01272dc3fe43bccdb7

SHA256
a791aba3842d3766494ad0aa2a1b9cdbd2bb8aa8b2235aedea82e993c851a1ab

SHA512
46561f0b8f178e4e4cc836a4561d12f6a0670543ac5567bcede9cb193bfdb4bf654e3f01372210f158ae3de58643e4c963c1e1cb788f497ee817877a019fcfd4

Download Submit
C:\Program Files (x86)\Avira\VPN\App\images\gif\loading.gif

Filesize
8KB

MD5
8a7630caadfb15dbd13cb469853ab004

SHA1
8947a7e8900a4e4359ded13199f4f05ee0e55e84

SHA256
c9c616de646e94b9adea60ef1e8ffe5246f82b82baa1e039b1b6007067791773

SHA512
5c229f934e5c764247f990e2b813ad8ad055c81df1739b0a773aafe1e7f1285c098ac8db24bd4a074eb8981a933955fa9ed69c0da1503259d30d397bdb5809df

Download Submit
C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-9MLU8.tmp

Filesize
743B

MD5
d3b58f803a9a01a59210dd673998a229

SHA1
6caddb6c8e749e9c5b786a3984bb7bdbba2bafc5

SHA256
3cf52e677d7f7be201cbf6e3ec56ed1f48b95c47e5969ef2c2510e270133c4f0

SHA512
88aade4affd629926e473df3d26ecca5ba49c4b77da9343e58729cf3a2b1cd0b9d27d9e019018455bffd18b7a7570a5c14d918eff46deecc5821903f76094988

Download Submit
C:\Program Files (x86)\Avira\VPN\App\index.html

Filesize
3KB

MD5
1432a946255142ddb2b4a0755cc151a2

SHA1
4640485ca29a0356cf17e363c88f5880779036fd

SHA256
996d6d6631d56c80b8a000d98d485476e5d8beb0aa37bdc6fabc5a76dde9ee9f

SHA512
5a215a068994d31d3bbce71641f090d15fca0e85b0c4f4964d280165732bc774608cdd1fe033aac02f8b1946c26f862a4814fce171db451fe4e267af3d35854d

Download Submit
C:\Program Files (x86)\Avira\VPN\App\js\vpn-1.0.0.min.js

Filesize
314KB

MD5
e337f5790d7d1892802c27220d53f247

SHA1
70d31ff02bbc55f91941c7588bd4f893e9f3cc8b

SHA256
b12538b1053afefca545732f429d944ceb6d84a786e6fcf68c20bbfff51de846

SHA512
bfb4584ad5e29eb705829b6312d93ebb5ed633273e109bcb0b7c929814b59b63612c096cd1d3987f6979eabfea4356d4bc8947db8004a98934faf69256521e1d

Download Submit
C:\Program Files (x86)\Avira\VPN\App\js\vpn-vendor-1.0.0.min.js

Filesize
317KB

MD5
fd6679775b921878549ef80e6d9d59d3

SHA1
fb89bc2eb33f47cc56b00630ea79818d61fd678d

SHA256
696393aa261c0980dac558ce58fc30e9806d8b64f65c28c572b282ebf2a04f56

SHA512
66976a9b0002f1d32b6c7618a7a7c6ccbbc373ffc565415448428eb75fb60251b3b1934571b6bc725ec5ce456f5adaddfc994595cc3b1d87ef02ba3478ed7e34

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.Acp.Common.dll

Filesize
14KB

MD5
271d473a99869a462e0200e1776b093c

SHA1
050bd3a95fc3c1a66a9fa11a7649afe95b48e5ca

SHA256
793dc8d33fd8190c6d87c39a860ae4d67c6f02a19b573087831b18202f8e413e

SHA512
8df6120445f10fd3a62b72a33f86b1969a42eae85d97154d5f030bebf68d579263be50ba4e0a9758bd9a8698e9680277d1491bebc1b2c91722d0ebab04275510

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.Acp.Resources.dll

Filesize
54KB

MD5
318f261f2875d1b6ad27afd9aebce1da

SHA1
6230901e4b145e7ea66160e9726951931a00b7de

SHA256
839942ba4c0e36ad27355f65acf6520bbd6fa0967bfd3d9d6ddec520ca4fc3c9

SHA512
379c89f2d165a1551c459984f3aeec556499c2cc7346f4a346d5b651f5a729c44b0f84c68b48f120f8c5ddaba0bfa2895421acb7261f266dd5743ce8fa6a6c80

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.Acp.dll

Filesize
151KB

MD5
93b9f3f908fd317f6400044ace1426b8

SHA1
28a81a9e705837007143c1933a436941bc0e3e73

SHA256
4c20af4eb824f54308a3d0fcb1e0c02705e36f4066a96d3187ff61cbd324bfbf

SHA512
6b32af4a9e63320ca20daea161c655ad58a4bcaffa8c0ecbe40cf2f41599a09bdc3306916e87777259ade6b120e2eb193e79ca4345268a49786159779d2aead1

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.Common.Acp.AppClient.dll

Filesize
43KB

MD5
223b514db361069dbe4e56983113092a

SHA1
13a71fb55e6cda7db64df764b4073fd59ea6dce7

SHA256
c09d32229c51eb1f4bfb7132002e68acc61883fda68365fcd274439eda332af7

SHA512
2010806d2a3f60e9714e98e856fab7d651e0cd7f93bdf146ab2870c4a5581dc3809483fd045c40bbeaf1652e0bbb1d06539876d7173a03ee4a71024a2f29e7ee

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.Common.Core.dll

Filesize
67KB

MD5
12cc33847b511eaab85d42a62bd7770e

SHA1
240a3ec390e8271d24687de2d24e221483d7d4dd

SHA256
48d0e13ee24af3fe5bd666b410b59f6a12dceca0fabb3038cf29779cbede835a

SHA512
94b22e8e0dcac61480213e1292a2e0d93b58d19e5ab7168ed6954a21a67cdd2c33521164d351cdb45d9621a7b21ad979c1f4f013b4f09d53fb98d338838f0e73

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.Messaging.dll

Filesize
46KB

MD5
f59d38fa0dc7bafff65f9ea5bb88490b

SHA1
a0b3da5df01e851f5880934183bf6fd0b3882657

SHA256
58d3cc5b59d8f9eb3a187de1377cd40ebf38852944b6d7d59abae64be5416cb0

SHA512
b22ec4b48f052bb049cc2c5e285efbbd2dbad1adf77f3c18b832a7bf60872984464ab2fcded4f4e7734d91fd0e671f6d2b56660d277c64b18594c6f21e6f6f81

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.NetworkBlocker.exe

Filesize
236KB

MD5
01fbb420b06ddc49ed8194292b387425

SHA1
203404e993901ba47a166938ea62ea52fabdd2b4

SHA256
f9e95d2d3760b2b56f70daad4db65781b090ff014029c6b4e2b7897d0e685cf8

SHA512
b488e8d2348e7efa39cf052007421e90fa83724b40f3599444c8dc57cdfa36e2a765d3c377cfcbc45262662844792ebc49f0f4bcf2fa6cdcaa3f3337daef6912

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.VPN.Acp.dll

Filesize
31KB

MD5
e8cdcbb79fc2efa8b55a79ae427482d3

SHA1
a25f319970661010d9e50948786832f89f493e01

SHA256
4f1da0dff5d32ef6150a6de7e37907d810f55f4f5e2aa870c4225488af2a3c3d

SHA512
df51a2d0d360618517bb8a4deaaa967d78b3c8417a5c78058516db26031bb450e626ef7c0748baa6d7cefa4fa8f9c74c32b17a761bc5b79f331c517131aa9f63

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.VPN.Core.dll

Filesize
142KB

MD5
7d002e4289804dfef8a96e31e78a3615

SHA1
6a52c77d2eead1cabc7b5d34915f389f64307dda

SHA256
04e62763024f65be2b7856d66e66974597a3073de2d532db58795b7bf375770b

SHA512
cf167bd6834ba06240c1ba5c9a85086e1fe09d20cc8590cbb44cd51044a2dfd04cc36ddcc35687973a67ccb9ddb1e504f87d5513f300ca0a30a09009e34793e8

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.VPN.NotifierClient.dll

Filesize
27KB

MD5
191011e0325600c321c13a5d642dce8c

SHA1
630384ab0c3dcff33964ca8869dd31510ecb8d8d

SHA256
b267d1b02da761ff4b2ab2cc72904eab942692929155da7c09e7368492646b89

SHA512
8d015e9c706386b47f46f51959ed28169c05b6215442eb3dab2987fd1547dbbc68903ad6667f96c37088eb933dd17bf6ed16d8da678fd44ec3ccb43d5a2be651

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.VPN.OeConnector.dll

Filesize
40KB

MD5
a382bb982dac18b9b2bee6ab353827be

SHA1
5a88ae7ff1d42ce4979e2ac6f6f4d82ea12ec6fd

SHA256
b818007801ca7f12c18695aafb18475898f692c0c76a352b49167c57095999b4

SHA512
c5eb76520798a284988e084171d5c996e6cf52b94fdb8b3620aeecce5a20111b4020eb2a9f1f8fb59ecaeede97564b853088ca04237ba0fc3be32d76a5e3fd60

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

Filesize
345KB

MD5
9438d0f210f07aba8155cc7a7674a10d

SHA1
524c7c89e6f4348d8ff4769d0390abc340e89d4e

SHA256
2b2f702a8ea0ef59c8e51d81f53d895235783906d22c16b71860771547794c18

SHA512
78633755988fc840874c4cb3e9a9350f04f2b5faac38eaf5d230d90dc69b87e7c4b32d1a2f4ddf01174ef469ab2e8e794c5ad4455c20abd1600661575a3ecda1

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe.config

Filesize
8KB

MD5
caeeb2f73c7c7357eb534d18034e0165

SHA1
7c7932f023b314e4716bac8fbc1884e59f8b6313

SHA256
2eaab47d45fb6d699d45f4954437f90f8f8f723f8b0e5c727fcc5a760408ef5b

SHA512
8fdb3df3f0e8f5f7e5cf6aa0e0392e238ccff66fa5fe5de33dbfbe1498cd03cf53277e222a6c7df6dc44aec73b657d460d765e7399d32d6318d7c78ae3e32049

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe

Filesize
815KB

MD5
ea069f7019a7b305cff275aed802a2ca

SHA1
d2b955656a234b507e8fe9d41395fbb97701ba43

SHA256
0a2d4aaab11291d99542e74689bc6265bb2a7922d8870167bdcc3210f0627273

SHA512
3980747d2acad456b3c5fb6ad3550c9f1520bc54c5ff68d0137d8e2682632e85f26ccd3703aab6c394bfd43f05e5699bc07240ab23e2492358363487bb68cfa5

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe.config

Filesize
3KB

MD5
02a0ea3d50162a1acd4b064d186e953d

SHA1
b7c5580871b73c40283a96caef6d65b65b7bdd0b

SHA256
b160fc20f23f46a9b1a878dc40b3588ba75ea936e918e036c8012d1ef43c8274

SHA512
c7d533b1a921e5b54c250a05234fba7da5ef265afb180642e2a561c5ac24e27f19d3f7312bf29f4e2239f602a9d3440738988a823e377ba482737c824430064a

Download Submit
C:\Program Files (x86)\Avira\VPN\Defaults\ProductSettings.json

Filesize
1KB

MD5
f9eb282786f0c1d27f9f6ae8b448d4d1

SHA1
df4f115df8a7dc8ffc2d7dbdd9953170cb0f8b32

SHA256
7e84e38c4b147fa13e871249a9986c4621176ed0afc88c999901e354f603d096

SHA512
db8a15d8b7b830dd63819eea73aa160accee27dca61a4b9b76d30f9b4161d28307c47d1f412faad9f92d2b77c17832226c16e8db0bb1d413444de1e918692753

Download Submit
C:\Program Files (x86)\Avira\VPN\Messaging.dll

Filesize
36KB

MD5
198703a2aa65565b3c6232add7d9d22d

SHA1
b161ab7056be4892ca92bea1d3ce21d228c4641f

SHA256
304c76f16380cdfbe2a1adbbd36f3a9e3a9bcd8c6901a400f0add66027f885b7

SHA512
603594e89f1e23d5f649a65d8cb8fbf25bdbc7be4213b436c9bc14518fe81d2eed9393c051f1b97ccb6725ed62bee811b88f9c70262d03f5015b3aebc951f591

Download Submit
C:\Program Files (x86)\Avira\VPN\Newtonsoft.Json.dll

Filesize
693KB

MD5
a358964e94bf3cb71172d6776f28fc3d

SHA1
9f16e876559759cdb52a0cb05db6528dd8f1951c

SHA256
cdf68de50fc05055120968d89dfa40f0dcd0a052fe381de1daa312e84b6e41f4

SHA512
5de2c65e1e14443ebcff3f09bc7639c7bf9f1033b11533229df610480c9149292cc3336902102c9983368914e92a49a76edfae493b0378e7212e69e3e808c6ca

Download Submit
C:\Program Files (x86)\Avira\VPN\Serilog.Sinks.File.dll

Filesize
35KB

MD5
97f20eb6f1c67873802f0851859e2aed

SHA1
45e83bdbc9c6d992df5bb7233e9a0f8f661c38b2

SHA256
d1a929b7aa1b1cfa330a33b3c1f238fb1fcf73c7bd9d43bc3579ad8a9625d824

SHA512
0180e31bf95e1ecc6cffc90cbab5b736c61d86bd5b0ac23ae9f3ac7f7602e2b63a0e6f579ff7105f891547deb9beb8bd86fd16995cea4b62b80439a56f7cb761

Download Submit
C:\Program Files (x86)\Avira\VPN\Serilog.dll

Filesize
150KB

MD5
a4cb9f0cd0a7f720cadb28c07542d3de

SHA1
39d5a8fc0474224211db95fa80c6c7d12864c8a8

SHA256
f14f61e815adbb6403ff70941c7d98f1836792dcd4cdf1fbc77f9164694fc932

SHA512
1044a204a3ba81739cb3d937571d9f70fa92e45c754341b35fbbdd5d604ccf8c005b7c92877437f9a827b8ab478627a08c3dca6bf5fa0bc9df72ce2f02f200ca

Download Submit
C:\Program Files (x86)\Avira\VPN\ServiceStack.Text.dll

Filesize
199KB

MD5
537b82928ce015be0594e07587267e41

SHA1
4203b59a6563832db4c012e62e09a66501f8ee62

SHA256
93003778ab63e158cc18b86066e8fbb2c0104cae570dc3f53aa56b38faf41817

SHA512
a073f4b23a1ade5cd27972996fd1b1feeb50c0a04a1c6640124b62cfc2b8b911e793bdbd673147cd89d8ef67b87eaa51668e540f287bdf4d7bb33092aa9d1fd4

Download Submit
C:\Program Files (x86)\Avira\VPN\SharpRaven.dll

Filesize
100KB

MD5
e66983a1cceb2c7cd3f7e3448957d9f6

SHA1
b97981265121322034e04f567faf39cbdbd19679

SHA256
5521dc13a0264e2f178e205b2fbf76c57ed34ef650bd7508348cba0c9f6b2dd6

SHA512
455fe9b542faca8f4add763de2df1fdb4c8b5371e3cdd8df9fda6d743e9c59c22f45a13097159aa92e6fe4d75c2c62aa1192d029368fd4ae58ce4d3f0a2052f2

Download Submit
C:\Program Files (x86)\Avira\VPN\System.Diagnostics.DiagnosticSource.dll

Filesize
169KB

MD5
8a260507f7fe8815fdfd66b97678ddaf

SHA1
2d0893fd0b2cc6c4e83d90ac8ef114bdf229d3e7

SHA256
30fbf5b1aa8736badeebb85a2e630dc44b65659564d6e8399a71a887e2244b98

SHA512
379adb0692dfa46e399e28fe2ea9a0f0a2106f6b5c6b74456f376726d921f3e44cee3c9489fc774ed4b1dad5cbc24247b5e1c2ad2d6efe9cbff469f9eaa44024

Download Submit
C:\Program Files (x86)\Avira\VPN\VPN.Core.dll

Filesize
189KB

MD5
8f1a73c4442f53bd832f667cbf7362b6

SHA1
982ff05d84a8cdf471b6d19364d7a578b1b114de

SHA256
eb61c5d1dc6c5d3172d6dba527f422b44aada039ff7a8c5abbe9784a251420f9

SHA512
43c3ac23318748d2955e42f998be16dfe4f786932f69743e5fcba48223086c90b7ff1e62d785a102e2fa2eca314e20b921b189e15e9e489e4c55635117116fd3

Download Submit
C:\Program Files (x86)\Avira\VPN\en-US\Avira.VpnService.resources.dll

Filesize
21KB

MD5
05d0d2f37e6b683e59cdfd05bcb3b08a

SHA1
b21b207367d0b5dba10d67e9bcc5c29175aa6ab9

SHA256
57b7256eec2eb64deb1f52ecc3ea529c061b99ae009e4a28f70ad76ce565cbc4

SHA512
4c1fa9a21599cc86d4de858d4adb870135be706394a009241425d166c417b9216393ec721ac9f4e2e6659f1d39036672d582a11265a57c715b592f60f5399070

Download Submit
C:\Program Files (x86)\Avira\VPN\lrepacks.dll

Filesize
3KB

MD5
806d697d22bae29e300ef1c0cf0d4dfa

SHA1
d03676f772dc82e17acf2f1681f847bac015b260

SHA256
2bf947b782b448750b619ef75117efaf252538782f9e67c760b295f11affe1be

SHA512
568d28de46af2475f0b5bd9b0041c45a7f69c823f539d4d0eccf918877a02b7ecac4db1c0467bdb36d4de67fc3e98d36f362647d6ddaaace78f7e8b3b37d5d3e

Download Submit
C:\ProgramData\Avira\VPN\VpnPrivateSettings.backup

Filesize
315B

MD5
85e2ebab292dd2cd0059c3f59ed73840

SHA1
024599350ef3805e94508ed16d7a6ba154c9b0bd

SHA256
2f6f6ed5865256fd1f0ef5fecfe99bfe9f8fb9c69edefe53a323afe202760f5e

SHA512
ad42a9bb7bfe70985a107670e7adae10a5f15d95be5949c9315b3506584dfa0c8a9ea7736e21aefff045ed01b71a339b44082f35303be773d67ea5376ba853bf

Download Submit
C:\ProgramData\Avira\VPN\VpnPrivateSettings.backup

Filesize
415B

MD5
4c80e60049f27cd39c60665a801eb514

SHA1
13232b6c83686c14002afaa1662e1db86481ceb0

SHA256
7ab90de6791fa1e6e6a67f8739dd651ed647f04d8a4e62662ce5b4d29ee7e2ee

SHA512
6f023dfff3610a8190d0165637368cec7cb3053509a57ac404dc37350b2d4c2c83e36e4a289da0b8114fc2120b283fc4bc97a84a69378b619fc9e4f11f91ef49

Download Submit
C:\ProgramData\Avira\VPN\VpnPrivateSettings.config

Filesize
520B

MD5
fbe3ddbe8b74c1ea58e5ffd26885c3df

SHA1
856c7697cd5a5b5dc44254913a55bcbbdc892bcc

SHA256
acef4baefc3926a69d910e955eab622f5827c2490901bdcf14ef5dfc3b0db28e

SHA512
73164fa401a2a1cff5bbb765845b681451ad8d1cbfd2ce9678d1dcea7f087061ae7b3f4c6b78a51ced542357439d20edc867c8861aedb56ec37f565f3b31297c

Download Submit
C:\ProgramData\Avira\VPN\VpnPrivateSettings.config

Filesize
5KB

MD5
6b04c2971119cf291a267292bc2c59f5

SHA1
6bf408c866c98f2e860569cb9840f74ea64786a9

SHA256
4ddd83446540c061676f0a398bb85ed3247793730b9261a50cf35f38a596d806

SHA512
06b6ee3395151bd7694b3ded7dfbbe78fa0059b42479382f2ff88d837db39b74cd7cf3b2e66dfc7f856ca917623523a994d5a34b37b91c8e2c361a1a20fdda70

Download Submit
C:\ProgramData\Avira\VPN\VpnPrivateSettings.config

Filesize
66B

MD5
44944cd590899045e3cdeb971fddd252

SHA1
33c584007e0df8fea3e677c6892d6b5549d1c94d

SHA256
cc05bd02cb929f5ef7a9362698d7794845899dd6510fd41eb5f0a95d708a68dc

SHA512
f4f4feec8c79599f41ce83371dd861fea9dd05aaa5211f5be53e2d61df154b6965db17ee8df952a8d8c864fa67aba5b9d1ef0f94608e42a50c057cfd82ccf5ed

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
305B

MD5
0bd99f22fa3382dc0fff78ad1be0a6a5

SHA1
84c31d1d27bb7c7f5703ddeea6e42bf146037752

SHA256
27cf6d47c2b18fbc607306647223ea6a8cd450574a1d6e08f2e6ed428c244ecc

SHA512
7a97d72c2532eb0951aedfbab0029137ee37a8001a3e7713733933e9146853122cbaf22f6805e629bcd6a5a836f416b70776cfb9f297269a9c3e6cc1fa5c3a99

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
305B

MD5
30a34a043a6f9b77848a29cb5e1d417b

SHA1
8f87c8aa412c004be95b15860e519464e3f8e67a

SHA256
0a4e0a398816cb447fb62b66425be563c3adb3d11fc4088c5d8451a7c032ed1c

SHA512
65539b49c9c2f53142fa73440a6c5c1e7c476ba636fa7b217640a81f655bd7b7fc48bff76d0a5feb0ef5fa32a6ef12d3124bd9a78c5103b77caa07786f10056a

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
381B

MD5
a8dd759b8780ed8c9f9d067c441482c1

SHA1
cd10e23f3303796fcbf02321e4b5371c03ec0650

SHA256
a1033755b1cc2d27dd4b1644598495a1b1c6638def0484eae926567a87c62469

SHA512
3e1635df4c321badf1132500c327fcc8e8b8c6a5e62b2bf145d058997e0fabd3ef80a607afc24acfa21dbf3bce9266f9b4ec8095a34f53ac50c831d15e30479e

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
452B

MD5
a1e22c0ceb4a85b91e0a8cf517791be0

SHA1
7a2f8596a5ae2bcca7cfba933dd0c1985682cd69

SHA256
a70c30caa5ad5e607c5526ed91d683d35fd9d265cc006a5c4892e82c8eabdf62

SHA512
f3bb2206b84a030006be0adf44cb1e30a674b5a02653df83fc008540b089e745d1e0013b1bc8049ed432f25251efecf232708db0020644795560df7c7fbd2eb5

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
745B

MD5
1f41bc017661c0d2091220715cc25530

SHA1
ffbd052495e9500123af158e5b0c9015e287c916

SHA256
6ad8814e0fce271a4730ac64fc122f7c7e2cafb47236ec0063dfe4a10505f497

SHA512
68bac948ba2edcfdf49234a4db5bc7605a7d51e7956a77fa8c171b0b2252e59913f6d25a478ed6c6f3740cf54679a1016ea69435c7d231f4d17cfdcaaba50ca8

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
745B

MD5
55328388b3b3f435dac4d8c9ff7f94d8

SHA1
0f97c6cb0edf6ede4cca806845df8bc0609c661c

SHA256
ac484723ee0477c267e44e2d2027a94e03bc37149f1c0a717140b80a089a4a43

SHA512
b5086a0a2ff668367ab8fb2ffc11bd94ee7c7732ca38899ab5dea670c4d9a8c40194712ca84f20e4461b1dc1b28e27d509971d4109463da12c7269f177a6c162

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
233B

MD5
3ae49700da74fc21047bf4bd822a703a

SHA1
6228c1a62a146e67735b986a9a1532fc9fca789f

SHA256
1ac735952206a6c868e5c7c456ca2fd098b725398836a4591405fa0aa592f0f0

SHA512
6c6c567071dc5cbf3ce6139d806cf27444c0d267606cbd291e0b7818309cf85b23de36ff9b357adb68735a753f2acbac0c1fa3a2a6538ba2bc5844508e4b7bc5

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.config

Filesize
263B

MD5
9cf023d09a156249da6291592a4538c2

SHA1
8e0be7b172626ca9f32112cfed57ddda4d2dc5e7

SHA256
b1ec5009b25252b5f6391460ed6771c5ee10213512cc814b4c4f5f391484163b

SHA512
887b4e1317fda1e546156401d0d4624b7da37f4860a1fef67ce11b6d630ab1135aae4392123f0dbdb745881f2556bfb02139971bb04948a5f76e0ffd9d1cc472

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.config

Filesize
745B

MD5
244eb8599600f6a89ab00b958492713a

SHA1
32091a98783af6d76a27619622aacba1c97a4777

SHA256
2553573497ee04f2cffdccf289da3389916001acffc711c19fe7085dad272a0c

SHA512
9ec9655f689b25768476c0b8f4ef3687bf154044ca736ff4c80b6631cea14a6e0825ece01101770fd3a608375832d0e6933264be0d0cc4b1479c70c8859869a4

Download Submit
C:\ProgramData\Avira\VPN\vpndbg.log

Filesize
1KB

MD5
a2499a7202925ee420cead18e49a218a

SHA1
f1acad5ad7d227f2394188e4286652c2476e704d

SHA256
78e451ab2a3a190242c54b4e2bb6e2df626b82cc22c9659b1fe7c1386cd37901

SHA512
e988b969e744b5937c8cf7f2462dfe6a52246994363bd6fd8d49e9a8c1286ac67b00cef58d074d60223d9e056b5cfcc5d7470972b6b3db389696c8e893ca865d

Download Submit
C:\ProgramData\Avira\VPN\vpndbg.log

Filesize
6KB

MD5
381a79df4c1360c7346fb8558f98eb93

SHA1
a559cf92a9d753ddcd94e39bc268c590e993c737

SHA256
3c23c7dfc3c8d641a622ee8d7fe83314cf33cc6284d0a5f2b573f8ddc864bb62

SHA512
d37b7413f1c3d562d9c64cf20a5a69bea592432da3c5b21dd42345879b84d63be706154ff7749c749f35eff6dd4a97189f4ff05a77485eb427c3dd8dc811169f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Avira.WebAppHost.exe.log

Filesize
1KB

MD5
3748103e2925e6312e99ac3bd97c9b19

SHA1
7ba5913e49401aa641d39ae723dba5052a062b01

SHA256
8b762acc09669729fd978c308fd48bfffa345688fa47b75a8182664c6268c904

SHA512
fbf9aa49f64b60e5b39657a443f4b46871a2d4116ec17dea8dd85392d562359bd80aa1b928613ed976f2abed7216bf2c5496de28f37303580ba1058b413a6272

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5AET6.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5AET6.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8LMM0.tmp\Avira Phantom VPN 2.44.1.19908.tmp

Filesize
911KB

MD5
02c5691af81933ce36735946e3ed1ea4

SHA1
2faed8d51a0800f127e424bfba9d44bab6aee1b2

SHA256
e1f5e87796c015e567153db6b994a35a34b0819b1093d1ea12064ee35102c42d

SHA512
ebde4772c94f5199a2936f8fdbcf80e57d11a820276b1e1323fbcde6d192cd89bcc69a441cff17e26d688427fe05e62cc858e896c0647d93c9e2ebe74a6e6749

Download Submit
memory/440-1059-0x00000261BA0D0000-0x00000261BA0DE000-memory.dmp

Filesize
56KB

Download
memory/440-1050-0x00000261BA0C0000-0x00000261BA0CE000-memory.dmp

Filesize
56KB

Download
memory/440-965-0x00000261BA100000-0x00000261BA1B2000-memory.dmp

Filesize
712KB

Download
memory/440-961-0x00000261A05D0000-0x00000261A05D8000-memory.dmp

Filesize
32KB

Download
memory/440-1165-0x00000261BAB00000-0x00000261BAB4A000-memory.dmp

Filesize
296KB

Download
memory/440-1074-0x00000261BA580000-0x00000261BA58A000-memory.dmp

Filesize
40KB

Download
memory/440-1061-0x00000261BA0F0000-0x00000261BA0FC000-memory.dmp

Filesize
48KB

Download
memory/440-1072-0x00000261BA790000-0x00000261BA83A000-memory.dmp

Filesize
680KB

Download
memory/440-1065-0x00000261BA640000-0x00000261BA652000-memory.dmp

Filesize
72KB

Download
memory/440-1071-0x00000261BA570000-0x00000261BA578000-memory.dmp

Filesize
32KB

Download
memory/440-1069-0x00000261BA6A0000-0x00000261BA6D6000-memory.dmp

Filesize
216KB

Download
memory/440-1067-0x00000261BA560000-0x00000261BA56E000-memory.dmp

Filesize
56KB

Download
memory/440-1063-0x00000261BA610000-0x00000261BA63A000-memory.dmp

Filesize
168KB

Download
memory/440-967-0x00000261B9340000-0x00000261B9362000-memory.dmp

Filesize
136KB

Download
memory/440-1052-0x00000261BA0E0000-0x00000261BA0EA000-memory.dmp

Filesize
40KB

Download
memory/440-963-0x00000261B9310000-0x00000261B933A000-memory.dmp

Filesize
168KB

Download
memory/440-1034-0x00000261BA0A0000-0x00000261BA0BE000-memory.dmp

Filesize
120KB

Download
memory/440-1033-0x00000261BA590000-0x00000261BA606000-memory.dmp

Filesize
472KB

Download
memory/440-991-0x00000261B9300000-0x00000261B9308000-memory.dmp

Filesize
32KB

Download
memory/440-990-0x00000261BA070000-0x00000261BA09E000-memory.dmp

Filesize
184KB

Download
memory/440-988-0x00000261B92E0000-0x00000261B92F0000-memory.dmp

Filesize
64KB

Download
memory/440-986-0x00000261B9390000-0x00000261B93AC000-memory.dmp

Filesize
112KB

Download
memory/440-971-0x00000261B9370000-0x00000261B9384000-memory.dmp

Filesize
80KB

Download
memory/440-955-0x00000261A0140000-0x00000261A019C000-memory.dmp

Filesize
368KB

Download
memory/440-957-0x00000261A0B90000-0x00000261A0BBA000-memory.dmp

Filesize
168KB

Download
memory/440-969-0x00000261A05E0000-0x00000261A05EC000-memory.dmp

Filesize
48KB

Download
memory/440-959-0x00000261A0BC0000-0x00000261A0BF6000-memory.dmp

Filesize
216KB

Download
memory/2820-1214-0x000002B2E1EE0000-0x000002B2E2686000-memory.dmp

Filesize
7.6MB

Download
memory/3152-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3152-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/5812-52-0x0000000007290000-0x0000000007291000-memory.dmp

Filesize
4KB

Download
memory/5812-84-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-33-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-35-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-77-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-37-0x0000000007240000-0x0000000007241000-memory.dmp

Filesize
4KB

Download
memory/5812-32-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-38-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-71-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-46-0x0000000007270000-0x0000000007271000-memory.dmp

Filesize
4KB

Download
memory/5812-47-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-48-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-70-0x00000000072F0000-0x00000000072F1000-memory.dmp

Filesize
4KB

Download
memory/5812-69-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-49-0x0000000007280000-0x0000000007281000-memory.dmp

Filesize
4KB

Download
memory/5812-753-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/5812-50-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-87-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/5812-51-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-30-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-53-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-31-0x0000000007220000-0x0000000007221000-memory.dmp

Filesize
4KB

Download
memory/5812-23-0x0000000006DA0000-0x00000000070BA000-memory.dmp

Filesize
3.1MB

Download
memory/5812-54-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-79-0x0000000007320000-0x0000000007321000-memory.dmp

Filesize
4KB

Download
memory/5812-80-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-25-0x0000000007200000-0x0000000007201000-memory.dmp

Filesize
4KB

Download
memory/5812-27-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-89-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/5812-81-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-28-0x0000000007210000-0x0000000007211000-memory.dmp

Filesize
4KB

Download
memory/5812-82-0x0000000007330000-0x0000000007331000-memory.dmp

Filesize
4KB

Download
memory/5812-83-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-39-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-40-0x0000000007250000-0x0000000007251000-memory.dmp

Filesize
4KB

Download
memory/5812-36-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-44-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-41-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-45-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-42-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-90-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/5812-43-0x0000000007260000-0x0000000007261000-memory.dmp

Filesize
4KB

Download
memory/5812-59-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-26-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-63-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-61-0x00000000072C0000-0x00000000072C1000-memory.dmp

Filesize
4KB

Download
memory/5812-55-0x00000000072A0000-0x00000000072A1000-memory.dmp

Filesize
4KB

Download
memory/5812-56-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-57-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-58-0x00000000072B0000-0x00000000072B1000-memory.dmp

Filesize
4KB

Download
memory/5812-62-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-1138-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/5812-64-0x00000000072D0000-0x00000000072D1000-memory.dmp

Filesize
4KB

Download
memory/5812-65-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-66-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-60-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-67-0x00000000072E0000-0x00000000072E1000-memory.dmp

Filesize
4KB

Download
memory/5812-68-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-72-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-73-0x0000000007300000-0x0000000007301000-memory.dmp

Filesize
4KB

Download
memory/5812-74-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-75-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-76-0x0000000007310000-0x0000000007311000-memory.dmp

Filesize
4KB

Download
memory/5812-78-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-34-0x0000000007230000-0x0000000007231000-memory.dmp

Filesize
4KB

Download
memory/5812-29-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/5812-17-0x0000000006B70000-0x0000000006B86000-memory.dmp

Filesize
88KB

Download
memory/5812-6-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/5812-88-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/6112-1053-0x0000022F32B80000-0x0000022F32C4E000-memory.dmp

Filesize
824KB

Download